
Log analysis and evaluation: BDS\ZeroAccess in C:\$Recycle.Bin - How do I get rid of it?


09.09.2012, 13:25   #1
biscurla
 


Hello,

for a few days now I have been getting this error message from Avira: "A virus or unwanted program BDS/ZeroAccess.Gen was found in the file <<C:\$Recycle.Bin\...\n>>".

Otherwise the system runs normally as far as I can tell. No problems with the internet connection, normal speed, etc.

I ran a full system scan with Avira and, apart from that file, nothing was found. Malwarebytes and TDSSKiller show no detections either.

How can I remove the file(s) without damaging the system? Or is a reinstall the only thing that helps here? Thanks in advance for your help!

Here is the defogger log file:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:52 on 09/09/2012 (XXXXXX)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Here is the OTL.txt:

Code:
OTL logfile created on: 09.09.2012 13:52:43 - Run 1
OTL by OldTimer - Version 3.2.61.2     Folder = D:\Eigene Dateien\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,88% Memory free
7,98 Gb Paging File | 6,37 Gb Available in Paging File | 79,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,44 Gb Total Space | 12,42 Gb Free Space | 21,25% Space Free | Partition Type: NTFS
Drive D: | 78,73 Gb Total Space | 9,83 Gb Free Space | 12,49% Space Free | Partition Type: NTFS
Drive K: | 29,30 Gb Total Space | 27,92 Gb Free Space | 95,28% Space Free | Partition Type: NTFS
Drive L: | 39,06 Gb Total Space | 35,54 Gb Free Space | 90,98% Space Free | Partition Type: NTFS
Drive M: | 73,24 Gb Total Space | 64,17 Gb Free Space | 87,61% Space Free | Partition Type: NTFS
Drive N: | 73,24 Gb Total Space | 37,69 Gb Free Space | 51,46% Space Free | Partition Type: NTFS
Drive P: | 97,66 Gb Total Space | 32,21 Gb Free Space | 32,98% Space Free | Partition Type: NTFS
 
Computer Name: NONAME | User Name: XXXXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.09 13:43:21 | 000,599,552 | ---- | M] (OldTimer Tools) -- D:\Eigene Dateien\Desktop\OTL.exe
PRC - [2012.08.08 18:57:31 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- P:\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 18:53:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- P:\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 18:53:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- P:\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.03.18 09:11:51 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
PRC - [2010.11.20 14:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.05.06 04:24:42 | 000,609,312 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe
PRC - [2009.09.12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2009.09.12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- P:\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2005.09.06 23:11:16 | 000,035,840 | ---- | M] (Dassault Systemes) -- P:\CATIAV5R16\intel_a\code\bin\CATSysDemon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.18 09:11:51 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
MOD - [2010.05.06 04:24:44 | 000,151,584 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2010.05.06 04:24:42 | 000,609,312 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.01.13 16:04:08 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.08.15 18:51:44 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.18 14:51:38 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.08 18:53:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- P:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 18:53:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- P:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.06.12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- P:\Office2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.01 20:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009.10.02 23:06:20 | 004,065,280 | ---- | M] (ANSYS, Inc.) [Disabled | Stopped] -- C:\Programme\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe -- (ANSYS, Inc. License Manager)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005.09.06 23:11:16 | 000,035,840 | ---- | M] (Dassault Systemes) [Auto | Running] -- P:\CATIAV5R16\intel_a\code\bin\CATSysDemon.exe -- (BBDemon)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 18:53:56 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 18:53:56 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.17 13:22:59 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.26 15:21:05 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.04.12 10:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010.03.04 15:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.13 16:26:00 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.01.13 15:10:56 | 000,185,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.10.02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.09.30 03:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.08 18:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.08 12:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV - [2011.01.28 14:04:50 | 000,008,198 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWow64\NULL -- (Null)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5910&r=17360111c106pe465v145w46m1u190
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5910&r=17360111c106pe465v145w46m1u190
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=1157&systemid=1&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5910&r=17360111c106pe465v145w46m1u190
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5910&r=17360111c106pe465v145w46m1u190
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=1157&systemid=1&sr=0&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5910&r=17360111c106pe465v145w46m1u190
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5910&r=17360111c106pe465v145w46m1u190
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: P:\OFFICE~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: P:\OFFICE~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: P:\Firefox\components [2012.09.08 10:27:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: P:\Firefox\plugins [2012.07.27 19:12:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: P:\Mozilla Thunderbird\components [2011.07.28 12:08:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: P:\Firefox\components [2012.09.08 10:27:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: P:\Firefox\plugins [2012.07.27 19:12:52 | 000,000,000 | ---D | M]
 
[2011.01.28 15:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Extensions
[2011.01.28 15:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.08 23:40:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\lpsg56fv.default\extensions
[2012.07.08 23:40:44 | 000,000,000 | ---D | M] (Wincore Mediabar) -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\lpsg56fv.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
[2011.02.25 20:47:44 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\lpsg56fv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.30 18:13:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\lpsg56fv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
 
O1 HOSTS File: ([2012.07.19 19:54:39 | 000,443,619 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 15236 more lines...
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\BROWSE~1.DLL (iMesh, Inc)
O2 - BHO: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - P:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - P:\Office2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - P:\Office2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\BROWSE~1.DLL (iMesh, Inc)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] P:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] P:\Office2010\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - P:\Office2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXXXXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - P:\Office2010\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - P:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - P:\Office2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXXXXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - P:\Office2010\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - P:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - P:\Office2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - P:\Office2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - P:\ICQ7.4\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - P:\ICQ7.4\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - P:\Office2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - P:\Office2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - P:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - P:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll (iMesh, Inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - P:\Office2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0574a7ed-2c4a-11e0-80b6-4487fc9fa8fa}\Shell - "" = AutoRun
O33 - MountPoints2\{0574a7ed-2c4a-11e0-80b6-4487fc9fa8fa}\Shell\AutoRun\command - "" = R:\LaunchU3.exe -a
O33 - MountPoints2\{4a86b261-e11f-11e0-acb9-4487fc9fa8fa}\Shell - "" = AutoRun
O33 - MountPoints2\{4a86b261-e11f-11e0-acb9-4487fc9fa8fa}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.09 13:43:20 | 000,599,552 | ---- | C] (OldTimer Tools) -- D:\Eigene Dateien\Desktop\OTL.exe
[2012.09.07 20:44:14 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Roaming\Malwarebytes
[2012.09.07 20:44:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.07 20:43:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.07 20:43:58 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.24 13:40:55 | 000,000,000 | ---D | C] -- C:\ProgramData\371DA
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.09 13:52:04 | 000,000,000 | ---- | M] () -- C:\Users\XXXXXX\defogger_reenable
[2012.09.09 13:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.09 13:43:21 | 000,599,552 | ---- | M] (OldTimer Tools) -- D:\Eigene Dateien\Desktop\OTL.exe
[2012.09.09 13:43:14 | 000,050,477 | ---- | M] () -- D:\Eigene Dateien\Desktop\Defogger.exe
[2012.09.09 12:46:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.09 12:46:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.09 12:39:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.09 12:39:00 | 3214,204,928 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.09 12:03:13 | 027,896,540 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.09 12:03:13 | 008,747,562 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.09 12:03:13 | 008,739,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.09 12:03:13 | 007,872,988 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.09 12:03:13 | 000,005,442 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.21 10:59:26 | 000,000,125 | ---- | M] () -- C:\Windows\wininit.ini
[2012.08.16 10:04:26 | 000,435,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.09 13:52:04 | 000,000,000 | ---- | C] () -- C:\Users\XXXXXX\defogger_reenable
[2012.09.09 13:43:13 | 000,050,477 | ---- | C] () -- D:\Eigene Dateien\Desktop\Defogger.exe
[2012.08.21 10:59:26 | 000,000,125 | ---- | C] () -- C:\Windows\wininit.ini
[2012.06.28 18:23:54 | 000,004,608 | ---- | C] () -- C:\Users\XXXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.12 21:41:27 | 000,004,614 | ---- | C] () -- C:\Users\XXXXXX\.recently-used.xbel
[2011.09.01 20:15:01 | 000,000,125 | ---- | C] () -- C:\Windows\FlashDecompiler.INI
[2011.07.22 19:19:26 | 000,000,000 | ---- | C] () -- C:\Users\XXXXXX\AppData\Local\{99DCA071-82B5-48A8-B14B-7D2818AC516C}
[2011.05.31 09:48:35 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.05.16 19:35:30 | 000,000,000 | ---- | C] () -- C:\Users\XXXXXX\AppData\Local\{B876362B-0F51-4B85-A0D3-7DAF1E0E015A}
[2011.04.14 20:39:35 | 000,851,968 | ---- | C] () -- C:\Users\XXXXXX\file.rth
[2011.04.14 20:39:35 | 000,393,216 | ---- | C] () -- C:\Users\XXXXXX\file.full
[2011.04.14 20:39:35 | 000,393,216 | ---- | C] () -- C:\Users\XXXXXX\file.esav
[2011.04.14 20:39:35 | 000,001,710 | ---- | C] () -- C:\Users\XXXXXX\file.BCS
[2011.04.14 20:39:35 | 000,000,151 | ---- | C] () -- C:\Users\XXXXXX\file.stat
[2011.04.14 20:05:47 | 000,003,917 | ---- | C] () -- C:\Users\XXXXXX\file.err
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.02.26 10:29:55 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.28 13:09:16 | 000,007,599 | ---- | C] () -- C:\Users\XXXXXX\AppData\Local\Resmon.ResmonCfg
[2011.01.27 21:11:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.05.12 14:08:18 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2011.04.15 14:02:54 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\anshelp
[2011.05.14 16:07:07 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Ansoft
[2011.04.23 20:25:23 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Ansys
[2011.02.13 18:48:53 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Canon
[2011.02.04 19:03:13 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\DAEMON Tools Lite
[2011.01.28 13:40:45 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\DassaultSystemes
[2011.11.11 22:12:10 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Dev-Cpp
[2012.07.30 18:51:37 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\DVDVideoSoft
[2011.02.25 20:47:44 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.12 21:41:27 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\gtk-2.0
[2011.01.28 12:51:14 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Helios
[2012.05.05 11:24:47 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\ICAClient
[2012.02.25 20:31:00 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\ICQ
[2011.09.10 12:34:54 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Lionhead Studios
[2011.01.26 20:34:37 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\OEM
[2012.07.08 16:59:40 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\SoftGrid Client
[2011.07.28 18:55:13 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Sony
[2011.01.28 14:05:00 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\T-Online
[2011.01.28 15:38:14 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Thunderbird
[2011.02.26 15:24:44 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\TrueCrypt
[2012.07.12 18:33:35 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\TuneUp Software
[2011.03.02 21:17:01 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\XnView
[2012.08.18 18:10:19 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:DED17083
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:E1F04E8D

< End of report >
         
and here is the Extras.txt:

Code:
OTL Extras logfile created on: 09.09.2012 13:52:43 - Run 1
OTL by OldTimer - Version 3.2.61.2     Folder = D:\Eigene Dateien\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,88% Memory free
7,98 Gb Paging File | 6,37 Gb Available in Paging File | 79,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,44 Gb Total Space | 12,42 Gb Free Space | 21,25% Space Free | Partition Type: NTFS
Drive D: | 78,73 Gb Total Space | 9,83 Gb Free Space | 12,49% Space Free | Partition Type: NTFS
Drive K: | 29,30 Gb Total Space | 27,92 Gb Free Space | 95,28% Space Free | Partition Type: NTFS
Drive L: | 39,06 Gb Total Space | 35,54 Gb Free Space | 90,98% Space Free | Partition Type: NTFS
Drive M: | 73,24 Gb Total Space | 64,17 Gb Free Space | 87,61% Space Free | Partition Type: NTFS
Drive N: | 73,24 Gb Total Space | 37,69 Gb Free Space | 51,46% Space Free | Partition Type: NTFS
Drive P: | 97,66 Gb Total Space | 32,21 Gb Free Space | 32,98% Space Free | Partition Type: NTFS
 
Computer Name: NONAME | User Name: XXXXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- P:\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "P:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "P:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- P:\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "P:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "P:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- P:\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14D94DE7-CBCB-45DF-AAF6-56C7C8D910F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{1EA5C95D-A017-407A-9F1D-BE57A8576825}" = lport=445 | protocol=6 | dir=in | app=system | 
"{200CBCE1-74D7-4FF3-9857-3045D10CF6FC}" = rport=445 | protocol=6 | dir=out | app=system | 
"{27766360-B01C-4F49-9BA5-532C24030F76}" = lport=137 | protocol=17 | dir=in | app=system | 
"{31D9B472-219E-4A2D-ADBA-F1632F85B4D8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5021F107-6F92-466C-9401-682A2EDAB3F2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{540EC77C-275E-4939-B2CF-64E295447349}" = lport=6004 | protocol=17 | dir=in | app=p:\office2010\office14\outlook.exe | 
"{55C24B1D-A0C1-4593-AC83-91C04E76EF23}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{56703A41-8E90-42AA-AD3E-582FED0E03B6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6E49A759-667E-41E0-A0FF-E2E5FF6861A6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{881328EF-78EE-42DF-86CE-E219D34A876C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A7236A31-919A-4AE6-A9F5-0BAD3CC7A794}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C1097B2D-BC0D-4483-AFB6-8B12297293DF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E0543C28-7D2E-4083-B9F7-6F7E0E611C3E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FA3B4518-F05C-428E-ADA0-EE1E129AFC08}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03618570-ABA6-44F0-B42B-4C94A77DEFF4}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\powercinema.exe | 
"{0EDB7E15-F2B0-4159-A5F1-B15CC5FB3972}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{12C93B20-D4A7-40CF-A10B-6197FC1E7274}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
"{134C9A17-3CB4-4AA1-A3F6-686377FFBFDB}" = protocol=17 | dir=in | app=p:\ansoft\simplorer9.0\simplorer.exe | 
"{1C3B1DCB-DC9B-416A-AEFE-6E6401F6D2AD}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
"{1D8AABEC-5B7B-4394-931F-309CBA25F601}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{1E6699E2-CB6B-4A96-BFA9-F08E4EFC67DC}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{268E0A85-6EC3-4EFB-B939-777349CB6284}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\pcmservice.exe | 
"{28C94C6D-1BCC-4855-AF89-0B569130F6A4}" = protocol=6 | dir=in | app=p:\icq7.4\icq7.5\icq.exe | 
"{2E98B05E-CFAE-44BF-93EA-96C8EF8228BB}" = protocol=6 | dir=in | app=p:\steam\steam.exe | 
"{3393C40E-009D-4D79-83D1-A4543766E09D}" = protocol=17 | dir=in | app=p:\ansoft\maxwell13\maxwell13\desktopproxy.exe | 
"{39ED290E-1769-4753-AA5C-DB9DC7A11A2F}" = protocol=17 | dir=in | app=p:\ansoft\maxwell14.0\maxwell.exe | 
"{40028AFD-06B2-4DF4-A2A4-E4B04BBB2933}" = protocol=17 | dir=in | app=p:\icq7.4\icq7.5\icq.exe | 
"{45ADB3D3-FB0B-4674-B790-772E3794B0AC}" = protocol=17 | dir=in | app=p:\office2010\office14\groove.exe | 
"{47227717-D7B1-43EE-BCE3-0CF472BF192C}" = protocol=6 | dir=in | app=p:\icq7.4\icq7.5\icq.exe | 
"{52D030A3-B58E-46CF-BD1E-BF084A596753}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{5326CB67-3784-4E24-A93F-9B21EEFCD10F}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe | 
"{54580285-26ED-4997-B799-1F4228EFBCB2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{642E6FF3-E0F0-4D45-BDBA-23C76725AA22}" = protocol=6 | dir=in | app=p:\steam\steam.exe | 
"{64628816-6CF4-44C3-A1AD-902C3F13CADC}" = protocol=17 | dir=in | app=p:\ansoft\maxwell13\maxwell13\ansoftrsmservice.exe | 
"{6F802B5A-24B1-49F1-8481-A241D6CDDDDB}" = protocol=6 | dir=in | app=p:\ansoft\maxwell14.0\desktopproxy.exe | 
"{701A2416-1003-4DDD-8A23-1B6458918CF1}" = protocol=17 | dir=in | app=p:\steam\steam.exe | 
"{722EEC6F-8BAF-4580-B5BB-BC3ADB390402}" = protocol=6 | dir=in | app=p:\ansoft\maxwell14.0\maxwell.exe | 
"{7234945D-DC46-4D29-B8D5-45707E9CF099}" = protocol=6 | dir=in | app=p:\steam\steamapps\common\risen 2\system\risen2.exe | 
"{748FCD31-4267-44E5-B6A8-43DCC55D3CCC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7C23AE58-45C1-41E2-B1A8-F5A18A9D049D}" = protocol=6 | dir=in | app=p:\ansoft\maxwell13\maxwell13\ansoftrsmservice.exe | 
"{7FFFF2EF-4399-498B-B65B-46A3DD717250}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
"{8432F022-5538-445A-B825-FCA713008581}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{890C6BEE-2335-4F7F-AB7D-FE04F9F91AA6}" = protocol=6 | dir=in | app=p:\ansoft\simplorer9.0\simplorer.exe | 
"{89FE2993-E60A-40D6-A6E2-A7BBE1DB6953}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dmp\clbrowserengine.exe | 
"{8ABE7E11-70F7-4FDB-B8A8-ABCFF9EE648C}" = protocol=17 | dir=in | app=p:\ansoft\simplorer9.0\ansoftrsmservice.exe | 
"{8CD3FF64-9B1B-4E06-B31C-F099977216CE}" = protocol=6 | dir=in | app=p:\office2010\office14\groove.exe | 
"{8F34E0B0-769A-40CE-BE1C-5393438CB803}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{92EE3E74-262F-4768-AB8C-E60BD41CDF78}" = protocol=17 | dir=in | app=p:\ansoft\maxwell14.0\desktopproxy.exe | 
"{9C760A76-61E6-4A81-8085-054A8690F111}" = protocol=6 | dir=in | app=p:\ansoft\simplorer9.0\desktopproxy.exe | 
"{A517C298-E844-43DF-99FB-76DDA43745F6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A5C9C988-3C60-4C6E-A07C-8C841BE330AB}" = protocol=17 | dir=in | app=p:\office2010\office14\onenote.exe | 
"{A76FD036-3398-460B-8F0B-81169123082A}" = protocol=17 | dir=in | app=p:\icq7.4\icq7.5\icq.exe | 
"{A9DD0E57-33C0-4616-B330-C385819E4314}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe | 
"{AD63BA9D-D561-4F8D-9D02-F9167AAC1787}" = protocol=6 | dir=in | app=p:\microsoft office\office12\onenote.exe | 
"{AFC4A08A-F4D6-4DF7-885E-E8C0F52A9CA1}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\mediabar\datamngr\toolbar\dtuser.exe | 
"{B43563B9-D7AF-4C3D-A452-4A4C2364E4AA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C3960EE0-71ED-45FA-B32E-37C874CD3F90}" = protocol=17 | dir=in | app=p:\icq7.4\icq7.5\icq.exe | 
"{C91B15F4-992C-4620-923C-82CC22DA165F}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
"{CCADCABC-BE30-4394-B968-5D476B11246A}" = protocol=6 | dir=in | app=p:\ansoft\maxwell13\maxwell13\desktopproxy.exe | 
"{D09A1AEA-B570-4C53-AF34-47D783088AE3}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dms\clmsservice.exe | 
"{D20DF90A-D031-40FC-B0FF-F7530E193870}" = protocol=17 | dir=in | app=p:\ansoft\maxwell13\maxwell13\maxwell.exe | 
"{D2BDCF9A-2309-4615-BDFE-4F1C3A809F43}" = protocol=6 | dir=in | app=p:\ansoft\simplorer9.0\ansoftrsmservice.exe | 
"{D493ED47-4E5C-424D-8EF9-B447B6E4629E}" = protocol=17 | dir=in | app=p:\steam\steamapps\common\risen 2\system\risen2.exe | 
"{DC2728A1-FC7B-42C0-B44F-065C5E3DB0CD}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\mediabar\datamngr\toolbar\dtuser.exe | 
"{E6A01AB2-B76E-4F0B-A1BF-90AED7EA32D7}" = protocol=17 | dir=in | app=p:\ansoft\simplorer9.0\desktopproxy.exe | 
"{E6E77709-B702-4E7E-901C-7752B2326818}" = protocol=6 | dir=in | app=p:\office2010\office14\onenote.exe | 
"{E73366B5-DA52-43B3-85B9-9D674CC4698A}" = protocol=6 | dir=in | app=p:\ansoft\maxwell13\maxwell13\maxwell.exe | 
"{E944C041-61FE-497F-8B90-8E90EB5D2CFD}" = protocol=17 | dir=in | app=p:\microsoft office\office12\onenote.exe | 
"{EA9E08F9-17E4-4AF5-9EB6-D7E7617FE806}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
"{F2A40DB3-0D47-4D3D-8BA2-178D23E17BC8}" = protocol=6 | dir=in | app=p:\icq7.4\icq7.5\icq.exe | 
"{F5A5358E-42B0-453D-8FF7-6F84EB004869}" = protocol=17 | dir=in | app=p:\steam\steam.exe | 
"{F5CED08F-D11F-43D9-AD9C-3F5ADBC6FB15}" = protocol=17 | dir=in | app=p:\ansoft\maxwell14.0\ansoftrsmservice.exe | 
"{F91E72DD-7DD7-4933-9B18-92C66625B9C7}" = protocol=6 | dir=in | app=p:\ansoft\maxwell14.0\ansoftrsmservice.exe | 
"TCP Query User{07E5B3D2-D168-41D9-97CB-4CCA1B8A783F}P:\ansoft\maxwell14.0\maxwell.exe" = protocol=6 | dir=in | app=p:\ansoft\maxwell14.0\maxwell.exe | 
"TCP Query User{1BBAEA4D-36D0-4DEC-9F08-0562AD77859B}P:\catiav5r16\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=p:\catiav5r16\intel_a\code\bin\cnext.exe | 
"TCP Query User{43806F10-EF3B-4366-B117-B133A8B24C50}P:\ansys inc\shared files\licensing\winx64\ansysli_client.exe" = protocol=6 | dir=in | app=p:\ansys inc\shared files\licensing\winx64\ansysli_client.exe | 
"TCP Query User{465977BF-2CE1-4728-BF06-31B6561058A6}P:\ansys inc\v121\framework\bin\win64\ansysfww.exe" = protocol=6 | dir=in | app=p:\ansys inc\v121\framework\bin\win64\ansysfww.exe | 
"TCP Query User{490FBB73-26E1-4AA3-BB49-FC122B79C95A}P:\ansoft\maxwell14.0\maxcir.exe" = protocol=6 | dir=in | app=p:\ansoft\maxwell14.0\maxcir.exe | 
"TCP Query User{65E73695-61BA-41B1-A719-FED8A52B9607}P:\ansys inc\v121\commonfiles\tcl\bin\winx64\wish.exe" = protocol=6 | dir=in | app=p:\ansys inc\v121\commonfiles\tcl\bin\winx64\wish.exe | 
"TCP Query User{67332BA4-C303-43C7-A7FA-A1012F1FF55A}P:\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=p:\videolan\vlc\vlc.exe | 
"TCP Query User{7EC2B4D5-EE55-4573-BA83-BD81941BB205}P:\ansoft\simplorer9.0\simplorer.exe" = protocol=6 | dir=in | app=p:\ansoft\simplorer9.0\simplorer.exe | 
"TCP Query User{A2D7CACA-D9EB-436A-BB0F-94ACF601CA9E}P:\ansys inc\v121\commonfiles\jre\winx64\bin\java.exe" = protocol=6 | dir=in | app=p:\ansys inc\v121\commonfiles\jre\winx64\bin\java.exe | 
"TCP Query User{DBCEB2E2-4146-4B81-A0C6-D5A39465B684}P:\ansys inc\v121\aisol\bin\winx64\ansyswbu.exe" = protocol=6 | dir=in | app=p:\ansys inc\v121\aisol\bin\winx64\ansyswbu.exe | 
"TCP Query User{FC659AC0-F6D7-4A9F-A908-C95EEE411AB5}C:\program files (x86)\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
"UDP Query User{07DAB663-6D3E-43AC-B544-E28B955293E1}P:\ansys inc\v121\aisol\bin\winx64\ansyswbu.exe" = protocol=17 | dir=in | app=p:\ansys inc\v121\aisol\bin\winx64\ansyswbu.exe | 
"UDP Query User{16B20AD3-D7FF-4757-897E-A53B4BE4D38E}P:\ansys inc\v121\commonfiles\jre\winx64\bin\java.exe" = protocol=17 | dir=in | app=p:\ansys inc\v121\commonfiles\jre\winx64\bin\java.exe | 
"UDP Query User{1A5F9F4E-C674-4007-8383-822D12C5C915}P:\catiav5r16\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=p:\catiav5r16\intel_a\code\bin\cnext.exe | 
"UDP Query User{2704E31F-376B-4228-AFA2-F04EBD69B765}C:\program files (x86)\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
"UDP Query User{4EEFB4E3-73E3-41D8-A274-418E32C77519}P:\ansoft\maxwell14.0\maxcir.exe" = protocol=17 | dir=in | app=p:\ansoft\maxwell14.0\maxcir.exe | 
"UDP Query User{5AD3CB4A-2109-4F52-AA9F-E30200F9926D}P:\ansoft\maxwell14.0\maxwell.exe" = protocol=17 | dir=in | app=p:\ansoft\maxwell14.0\maxwell.exe | 
"UDP Query User{75C941F0-850E-40BD-9765-DFE4CB7E86E5}P:\ansys inc\shared files\licensing\winx64\ansysli_client.exe" = protocol=17 | dir=in | app=p:\ansys inc\shared files\licensing\winx64\ansysli_client.exe | 
"UDP Query User{B81708C4-A7D8-4094-A705-5D86001B628C}P:\ansoft\simplorer9.0\simplorer.exe" = protocol=17 | dir=in | app=p:\ansoft\simplorer9.0\simplorer.exe | 
"UDP Query User{C92ED6E7-A827-4723-9F42-05005C5D7E20}P:\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=p:\videolan\vlc\vlc.exe | 
"UDP Query User{E3BD8EE2-A9A4-4943-B4A4-6BE2DFD5DA5C}P:\ansys inc\v121\framework\bin\win64\ansysfww.exe" = protocol=17 | dir=in | app=p:\ansys inc\v121\framework\bin\win64\ansysfww.exe | 
"UDP Query User{F12DEC18-59A0-41DB-A32A-C2FFD684C4AB}P:\ansys inc\v121\commonfiles\tcl\bin\winx64\wish.exe" = protocol=17 | dir=in | app=p:\ansys inc\v121\commonfiles\tcl\bin\winx64\wish.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series" = Canon MP540 series MP Drivers
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5F3E04B1-390D-35F3-4C08-D82C7FB95AE5}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98BA2F7A-DCC7-C939-9A77-ABAFA55E0AF6}" = ATI AVIVO64 Codecs
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C42B7876-FA88-4F4A-9A5F-E175AD143F2A}" = ATI Catalyst Install Manager
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"Dassault Systemes B16_0" = Dassault Systemes Software B16
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0242111E-DC9B-4054-B3C6-396FCE82342A}" = PExprt  v7.0
"{033063B9-94AF-DC7C-95D3-35F641D8AEBE}" = CCC Help English
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix Online Plug-in (Web)
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{171D318E-31FD-954F-0C3E-21EB06C0E899}" = CCC Help Russian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{20460018-6444-825B-4EBA-40D8DD30F12C}" = CCC Help Danish
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2893F5FD-0C0E-0B0F-3C70-C141539174B8}" = CCC Help Czech
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2A03B9F8-BE6D-43C6-A16A-B9998A194AF0}" = Garmin Training Center
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{362E1FE9-1FF7-EE96-E7FF-D5E661173FFB}" = Catalyst Control Center Graphics Full Existing
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{440D3BE4-EC27-5F34-DB56-A76E7EDF8BB1}" = CCC Help Finnish
"{46710AEB-ACE9-4386-9DFB-8B65153BFA74}" = REALTEK Wireless LAN Driver
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CAFDDA4-65ED-F56B-CFC2-849E958AE6B1}" = CCC Help Korean
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"{4DA5BB7E-9CB8-5E01-7F96-46F1EE2F2D4F}" = CCC Help Chinese Standard
"{4FFBF030-A72F-B9FD-B944-B7850BEBE80C}" = CCC Help Swedish
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{542A08AB-AFD4-B5A4-9780-A8507A738F7F}" = CCC Help Chinese Traditional
"{5433D947-A97A-25D5-A84E-A5171D2B8D6A}" = CCC Help Hungarian
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{545E8571-FAB5-5BFC-1B70-A6A8E4ACA298}" = CCC Help Thai
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix Online Plug-in (USB)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57020886-809C-746B-2303-8030A84A0EB8}" = CCC Help Turkish
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5F7E6484-A2FB-778D-431D-D181C55C3F1C}" = CCC Help German
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6D441C98-EB46-D873-66A0-3FA448B8AD08}" = CCC Help Japanese
"{6DC5AFA1-10F0-D421-2147-C426D554F286}" = Catalyst Control Center Graphics Full New
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{722EB9DF-A9EF-129D-816F-C6F17769EDAA}" = CCC Help Italian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79437AE7-3196-2C0C-0AF6-90B2AF22D8DA}" = CCC Help Greek
"{7DF0573D-A96F-9133-2454-D80A62F9FA77}" = CCC Help Polish
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix Online Plug-in (HDX)
"{8295C50D-F52A-E4E1-4230-C4110980C3A0}" = CCC Help Norwegian
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8A227815-272D-A304-015F-DA71AABADE0A}" = Catalyst Control Center Localization All
"{8AAE1CA8-68A1-15F7-DCCD-311F3435EFC4}" = Catalyst Control Center Core Implementation
"{8f9d5e25-6d54-4b98-a0fd-c0e10f922788}" = Nero 9 Essentials
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{93BC4791-8EC4-363C-1274-4F1F8FB03F2B}" = Catalyst Control Center Graphics Previews Vista
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C984E3E-9B9B-CBCC-326D-A63CCE560C0C}" = Catalyst Control Center Graphics Light
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2CCE56E-8BE5-4179-A816-F536697434E6}" = Ansoft Simplorer  v9.0 
"{A8097381-76F0-44C3-98F3-BA71CC866A96}" = Ansoft Maxwell 14.0.1
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1" = Acer GameZone Console
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AFE5FFBC-CE6D-F6BE-7EAA-AA2760E75E03}" = CCC Help Spanish
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.48 (April 23, 2011) Version v2011.build.48
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
"{C0C6AD06-71E3-934A-8232-4487B751177F}" = CCC Help Dutch
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5634562-6215-543B-3E86-0CF513706972}" = CCC Help French
"{C5A177BB-C3D8-4395-A088-31A69837A648}" = Ansoft Maxwell 13.0
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix Online Plug-in (DV)
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE10D76C-39B7-40A8-A24C-1BEEACBED160}" = Catalyst Control Center - Branding
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4719A65-7FF1-6146-BCC3-419662516FCF}" = ccc-core-static
"{F5FE4F51-9998-BC38-E32C-6C056ACA0BC1}" = Catalyst Control Center InstallProxy
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FC541630-B9CF-7783-3D1C-7CE1094BDD97}" = CCC Help Portuguese
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArcaniA" = ArcaniA - Gothic 4
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MP540 series Benutzerregistrierung" = Canon MP540 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"DAEMON Tools Lite" = DAEMON Tools Lite
"DCTnet" = DCTnet (remove only)
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Flash Decompiler Trillix_is1" = Flash Decompiler Trillix
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.15.706
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"GFWL_{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"Gourmet Recipe Manager" = Gourmet (nur entfernen)
"Gtk+ Runtime Environment" = Gtk+ Runtime Environment 2.12.9-2
"HaaliMkx" = Haali Media Splitter
"Hardcopy(C__Program Files (x86)_Hardcopy)" = Hardcopy (C:\Program Files (x86)\Hardcopy)
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"iMesh" = iMesh
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"pdfsam" = pdfsam
"PowerISO" = PowerISO
"SDR2" = Schlag den Raab - Das 2. Spiel
"SkyTest® FQ-Trainingssoftware_is1" = SkyTest® FQ-Trainingssoftware 2.0
"Steam App 40390" = Risen 2 - Dark Waters
"Tomb Raider: Underworld" = Tomb Raider: Underworld 1.1
"TrueCrypt" = TrueCrypt
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.11
"Wincore MediaBar" = Wincore MediaBar
"WinLiveSuite_Wave3" = Windows Live Essentials
"XnView_is1" = XnView 1.97.8
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.09.2012 04:56:19 | Computer Name = NoName | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 08.09.2012 05:01:17 | Computer Name = NoName | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LogonUI.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce79f70  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0x13a4  Startzeit der fehlerhaften Anwendung: 0x01cd8da0805d8b07
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\LogonUI.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: bf3da100-f993-11e1-9fc4-4487fc9fa8fa
 
Error - 08.09.2012 12:09:49 | Computer Name = NoName | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmiprvse.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce79d42  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0xe58  Startzeit der fehlerhaften Anwendung: 0x01cd8ddc5cbabfe7
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\wbem\wmiprvse.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 9cff6ab3-f9cf-11e1-8101-4487fc9fa8fa
 
Error - 08.09.2012 13:09:00 | Computer Name = NoName | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: consent.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce79e79  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0xfec  Startzeit der fehlerhaften Anwendung: 0x01cd8de4a0fe7af2
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\consent.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: e1b5e4b9-f9d7-11e1-9bff-4487fc9fa8fa
 
Error - 08.09.2012 14:33:14 | Computer Name = NoName | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: sdclt.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce79920  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0x640  Startzeit der fehlerhaften Anwendung: 0x01cd8df06696316d
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\sdclt.exe  Pfad des fehlerhaften 
Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: a5d33012-f9e3-11e1-8a86-4487fc9fa8fa
 
Error - 09.09.2012 06:03:10 | Computer Name = NoName | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 09.09.2012 06:03:10 | Computer Name = NoName | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 09.09.2012 06:03:10 | Computer Name = NoName | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 09.09.2012 06:39:25 | Computer Name = NoName | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WLIDSvcM.exe, Version: 6.500.3165.0,
 Zeitstempel: 0x4a8b055b  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0xa18  Startzeit der fehlerhaften Anwendung: 0x01cd8e775e782315
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Common Files\Microsoft Shared\Windows
 Live\WLIDSvcM.exe  Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung:
 9f6cf3b6-fa6a-11e1-ac55-4487fc9fa8fa
 
Error - 09.09.2012 07:12:07 | Computer Name = NoName | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bca54  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0x108c  Startzeit der fehlerhaften Anwendung: 0x01cd8e7bf2b2a29e
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 3104a4ee-fa6f-11e1-ac55-4487fc9fa8fa
 
[ Media Center Events ]
Error - 03.05.2011 05:51:58 | Computer Name = NoName | Source = MCUpdate | ID = 0
Description = 11:51:58 - Fehler beim Herstellen der Internetverbindung.  11:51:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 03.05.2011 05:52:14 | Computer Name = NoName | Source = MCUpdate | ID = 0
Description = 11:52:03 - Fehler beim Herstellen der Internetverbindung.  11:52:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 03.05.2011 11:05:04 | Computer Name = NoName | Source = MCUpdate | ID = 0
Description = 17:05:04 - Fehler beim Herstellen der Internetverbindung.  17:05:04 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 03.05.2011 11:05:15 | Computer Name = NoName | Source = MCUpdate | ID = 0
Description = 17:05:09 - Fehler beim Herstellen der Internetverbindung.  17:05:09 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.05.2011 06:30:29 | Computer Name = NoName | Source = MCUpdate | ID = 0
Description = 12:30:29 - Fehler beim Herstellen der Internetverbindung.  12:30:29 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.05.2011 06:30:39 | Computer Name = NoName | Source = MCUpdate | ID = 0
Description = 12:30:34 - Fehler beim Herstellen der Internetverbindung.  12:30:34 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12.05.2011 07:10:31 | Computer Name = NoName | Source = MCUpdate | ID = 0
Description = 13:10:30 - Fehler beim Herstellen der Internetverbindung.  13:10:31 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12.05.2011 07:10:40 | Computer Name = NoName | Source = MCUpdate | ID = 0
Description = 13:10:36 - Fehler beim Herstellen der Internetverbindung.  13:10:36 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.05.2011 10:28:58 | Computer Name = NoName | Source = MCUpdate | ID = 0
Description = 16:28:58 - Fehler beim Herstellen der Internetverbindung.  16:28:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.05.2011 10:29:08 | Computer Name = NoName | Source = MCUpdate | ID = 0
Description = 16:29:03 - Fehler beim Herstellen der Internetverbindung.  16:29:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ OSession Events ]
Error - 10.03.2011 13:45:53 | Computer Name = NoName | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 199
 seconds with 180 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 22.08.2012 07:20:42 | Computer Name = NoName | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD External Events Utility" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 24.08.2012 16:41:48 | Computer Name = NoName | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?24.?08.?2012 um 22:40:18 unerwartet heruntergefahren.
 
Error - 25.08.2012 14:36:58 | Computer Name = NoName | Source = DCOM | ID = 10010
Description = 
 
Error - 29.08.2012 08:21:34 | Computer Name = NoName | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 02.09.2012 04:59:26 | Computer Name = NoName | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 04.09.2012 10:24:04 | Computer Name = NoName | Source = DCOM | ID = 10010
Description = 
 
Error - 08.09.2012 14:13:12 | Computer Name = NoName | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 AMD External Events Utility erreicht.
 
Error - 08.09.2012 14:13:12 | Computer Name = NoName | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AMD External Events Utility" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%1053
 
Error - 08.09.2012 14:25:18 | Computer Name = NoName | Source = DCOM | ID = 10010
Description = 
 
Error - 08.09.2012 14:28:06 | Computer Name = NoName | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?09.?2012 um 20:27:12 unerwartet heruntergefahren.
 
 
< End of report >
         

Alt 11.09.2012, 11:56   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
Malwarebytes and TDSSKiller likewise show no findings.
Please post the logs for them anyway.
TDSS-Killer is NOT a toy! Please do not run it without instructions!

Please post everything here in CODE tags where possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         

Alt 14.09.2012, 21:43   #3
biscurla
 

Hello,

so I have now reinstalled Windows, then installed all updates, and afterwards ran Antivir over it, and nothing was found.

After that I uninstalled Antivir and had everything scanned again with Avast. No findings here either. But somehow I still don't quite trust the peace.

In the "$Recycle.Bin" folder there is again a subfolder named "S-1-5-21-1692514539-1397013794-4007604138-1000", which I cannot open. I also noticed that the "$Recycle.Bin" folder with the said subfolder is on every drive.

Is that normal?

TDSS-Killer found nothing. RogueKiller noticed a few entries in the registry. Here are the logs:


TDSS-Killer:

Code:
ATTFilter
22:26:56.0504 3908  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
22:26:56.0894 3908  ============================================================
22:26:56.0894 3908  Current date / time: 2012/09/14 22:26:56.0894
22:26:56.0894 3908  SystemInfo:
22:26:56.0894 3908  
22:26:56.0894 3908  OS Version: 6.1.7600 ServicePack: 0.0
22:26:56.0894 3908  Product type: Workstation
22:26:56.0894 3908  ComputerName: NONAME
22:26:56.0910 3908  UserName: XXXXXX
22:26:56.0910 3908  Windows directory: C:\Windows
22:26:56.0910 3908  System windows directory: C:\Windows
22:26:56.0910 3908  Running under WOW64
22:26:56.0910 3908  Processor architecture: Intel x64
22:26:56.0910 3908  Number of processors: 4
22:26:56.0910 3908  Page size: 0x1000
22:26:56.0910 3908  Boot type: Normal boot
22:26:56.0910 3908  ============================================================
22:26:58.0532 3908  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:26:58.0579 3908  ============================================================
22:26:58.0579 3908  \Device\Harddisk0\DR0:
22:26:58.0579 3908  MBR partitions:
22:26:58.0579 3908  Initialize success
22:26:58.0579 3908  ============================================================
22:27:04.0445 3396  ============================================================
22:27:04.0445 3396  Scan started
22:27:04.0445 3396  Mode: Manual; 
22:27:04.0445 3396  ============================================================
22:27:04.0944 3396  ================ Scan system memory ========================
22:27:04.0944 3396  System memory - ok
22:27:04.0944 3396  ================ Scan services =============================
22:27:05.0115 3396  1394ohci - ok
22:27:05.0115 3396  ACPI - ok
22:27:05.0131 3396  AcpiPmi - ok
22:27:05.0131 3396  adp94xx - ok
22:27:05.0131 3396  adpahci - ok
22:27:05.0147 3396  adpu320 - ok
22:27:05.0147 3396  AeLookupSvc - ok
22:27:05.0162 3396  AFD - ok
22:27:05.0178 3396  agp440 - ok
22:27:05.0178 3396  ALG - ok
22:27:05.0178 3396  aliide - ok
22:27:05.0193 3396  AMD External Events Utility - ok
22:27:05.0193 3396  amdide - ok
22:27:05.0193 3396  AmdK8 - ok
22:27:05.0209 3396  amdkmdag - ok
22:27:05.0209 3396  amdkmdap - ok
22:27:05.0209 3396  AmdPPM - ok
22:27:05.0209 3396  amdsata - ok
22:27:05.0209 3396  amdsbs - ok
22:27:05.0225 3396  amdxata - ok
22:27:05.0225 3396  AppID - ok
22:27:05.0225 3396  AppIDSvc - ok
22:27:05.0225 3396  Appinfo - ok
22:27:05.0225 3396  arc - ok
22:27:05.0225 3396  arcsas - ok
22:27:05.0287 3396  aswFsBlk - ok
22:27:05.0334 3396  aswMonFlt - ok
22:27:05.0334 3396  aswRdr - ok
22:27:05.0349 3396  aswSnx - ok
22:27:05.0349 3396  aswSP - ok
22:27:05.0349 3396  aswTdi - ok
22:27:05.0349 3396  AsyncMac - ok
22:27:05.0365 3396  atapi - ok
22:27:05.0365 3396  AtiHdmiService - ok
22:27:05.0381 3396  AudioEndpointBuilder - ok
22:27:05.0381 3396  AudioSrv - ok
22:27:05.0381 3396  avast! Antivirus - ok
22:27:05.0396 3396  AxInstSV - ok
22:27:05.0396 3396  b06bdrv - ok
22:27:05.0427 3396  b57nd60a - ok
22:27:05.0427 3396  BDESVC - ok
22:27:05.0427 3396  Beep - ok
22:27:05.0443 3396  BFE - ok
22:27:05.0459 3396  BITS - ok
22:27:05.0459 3396  blbdrive - ok
22:27:05.0459 3396  bowser - ok
22:27:05.0459 3396  BrFiltLo - ok
22:27:05.0459 3396  BrFiltUp - ok
22:27:05.0459 3396  Browser - ok
22:27:05.0474 3396  Brserid - ok
22:27:05.0474 3396  BrSerWdm - ok
22:27:05.0474 3396  BrUsbMdm - ok
22:27:05.0474 3396  BrUsbSer - ok
22:27:05.0474 3396  BTHMODEM - ok
22:27:05.0490 3396  bthserv - ok
22:27:05.0490 3396  cdfs - ok
22:27:05.0490 3396  cdrom - ok
22:27:05.0490 3396  CertPropSvc - ok
22:27:05.0490 3396  circlass - ok
22:27:05.0505 3396  CLFS - ok
22:27:05.0505 3396  clr_optimization_v2.0.50727_32 - ok
22:27:05.0505 3396  clr_optimization_v2.0.50727_64 - ok
22:27:05.0537 3396  clr_optimization_v4.0.30319_32 - ok
22:27:05.0552 3396  clr_optimization_v4.0.30319_64 - ok
22:27:05.0552 3396  CmBatt - ok
22:27:05.0552 3396  cmdide - ok
22:27:05.0552 3396  CNG - ok
22:27:05.0552 3396  Compbatt - ok
22:27:05.0568 3396  CompositeBus - ok
22:27:05.0568 3396  COMSysApp - ok
22:27:05.0568 3396  crcdisk - ok
22:27:05.0583 3396  CryptSvc - ok
22:27:05.0599 3396  DcomLaunch - ok
22:27:05.0599 3396  defragsvc - ok
22:27:05.0615 3396  DfsC - ok
22:27:05.0755 3396  Dhcp - ok
22:27:05.0755 3396  discache - ok
22:27:05.0771 3396  Disk - ok
22:27:05.0786 3396  Dnscache - ok
22:27:05.0786 3396  dot3svc - ok
22:27:05.0802 3396  DPS - ok
22:27:05.0833 3396  drmkaud - ok
22:27:05.0849 3396  DXGKrnl - ok
22:27:05.0849 3396  EapHost - ok
22:27:05.0849 3396  ebdrv - ok
22:27:05.0864 3396  EFS - ok
22:27:05.0864 3396  ehRecvr - ok
22:27:05.0864 3396  ehSched - ok
22:27:05.0864 3396  elxstor - ok
22:27:05.0864 3396  ErrDev - ok
22:27:05.0880 3396  EventSystem - ok
22:27:05.0880 3396  exfat - ok
22:27:05.0880 3396  fastfat - ok
22:27:05.0880 3396  Fax - ok
22:27:05.0895 3396  fdc - ok
22:27:05.0895 3396  fdPHost - ok
22:27:05.0895 3396  FDResPub - ok
22:27:05.0895 3396  FileInfo - ok
22:27:05.0895 3396  Filetrace - ok
22:27:05.0911 3396  flpydisk - ok
22:27:05.0911 3396  FltMgr - ok
22:27:05.0911 3396  FontCache - ok
22:27:05.0911 3396  FontCache3.0.0.0 - ok
22:27:05.0911 3396  FsDepends - ok
22:27:05.0911 3396  Fs_Rec - ok
22:27:05.0927 3396  fvevol - ok
22:27:05.0927 3396  gagp30kx - ok
22:27:05.0927 3396  gpsvc - ok
22:27:05.0958 3396  Greg_Service - ok
22:27:05.0958 3396  hcw85cir - ok
22:27:05.0958 3396  HdAudAddService - ok
22:27:05.0973 3396  HDAudBus - ok
22:27:05.0973 3396  HidBatt - ok
22:27:05.0973 3396  HidBth - ok
22:27:05.0989 3396  HidIr - ok
22:27:05.0989 3396  hidserv - ok
22:27:06.0005 3396  HidUsb - ok
22:27:06.0005 3396  hkmsvc - ok
22:27:06.0005 3396  HomeGroupListener - ok
22:27:06.0020 3396  HomeGroupProvider - ok
22:27:06.0020 3396  HpSAMD - ok
22:27:06.0020 3396  HTTP - ok
22:27:06.0020 3396  hwpolicy - ok
22:27:06.0036 3396  i8042prt - ok
22:27:06.0036 3396  iaStor - ok
22:27:06.0036 3396  iaStorV - ok
22:27:06.0036 3396  idsvc - ok
22:27:06.0051 3396  iirsp - ok
22:27:06.0051 3396  IKEEXT - ok
22:27:06.0067 3396  IntcAzAudAddService - ok
22:27:06.0067 3396  intelide - ok
22:27:06.0083 3396  intelppm - ok
22:27:06.0083 3396  IPBusEnum - ok
22:27:06.0083 3396  IpFilterDriver - ok
22:27:06.0098 3396  iphlpsvc - ok
22:27:06.0098 3396  IPMIDRV - ok
22:27:06.0098 3396  IPNAT - ok
22:27:06.0129 3396  IRENUM - ok
22:27:06.0129 3396  isapnp - ok
22:27:06.0129 3396  iScsiPrt - ok
22:27:06.0317 3396  kbdclass - ok
22:27:06.0317 3396  kbdhid - ok
22:27:06.0332 3396  KeyIso - ok
22:27:06.0332 3396  KSecDD - ok
22:27:06.0348 3396  KSecPkg - ok
22:27:06.0348 3396  ksthunk - ok
22:27:06.0363 3396  KtmRm - ok
22:27:06.0363 3396  LanmanServer - ok
22:27:06.0363 3396  LanmanWorkstation - ok
22:27:06.0395 3396  lltdio - ok
22:27:06.0410 3396  lltdsvc - ok
22:27:06.0426 3396  lmhosts - ok
22:27:06.0426 3396  LSI_FC - ok
22:27:06.0441 3396  LSI_SAS - ok
22:27:06.0441 3396  LSI_SAS2 - ok
22:27:06.0441 3396  LSI_SCSI - ok
22:27:06.0441 3396  luafv - ok
22:27:06.0457 3396  Mcx2Svc - ok
22:27:06.0457 3396  megasas - ok
22:27:06.0457 3396  MegaSR - ok
22:27:06.0457 3396  MMCSS - ok
22:27:06.0457 3396  Modem - ok
22:27:06.0473 3396  monitor - ok
22:27:06.0473 3396  mouclass - ok
22:27:06.0473 3396  mouhid - ok
22:27:06.0488 3396  mountmgr - ok
22:27:06.0535 3396  MozillaMaintenance - ok
22:27:06.0551 3396  mpio - ok
22:27:06.0551 3396  mpsdrv - ok
22:27:06.0566 3396  MpsSvc - ok
22:27:06.0566 3396  MRxDAV - ok
22:27:06.0566 3396  mrxsmb - ok
22:27:06.0582 3396  mrxsmb10 - ok
22:27:06.0582 3396  mrxsmb20 - ok
22:27:06.0909 3396  msahci - ok
22:27:06.0925 3396  msdsm - ok
22:27:06.0925 3396  MSDTC - ok
22:27:06.0972 3396  Msfs - ok
22:27:06.0987 3396  mshidkmdf - ok
22:27:07.0003 3396  msisadrv - ok
22:27:07.0003 3396  MSiSCSI - ok
22:27:07.0003 3396  msiserver - ok
22:27:07.0065 3396  MSKSSRV - ok
22:27:07.0065 3396  MSPCLOCK - ok
22:27:07.0065 3396  MSPQM - ok
22:27:07.0190 3396  MsRPC - ok
22:27:07.0190 3396  mssmbios - ok
22:27:07.0206 3396  MSTEE - ok
22:27:07.0206 3396  MTConfig - ok
22:27:07.0206 3396  Mup - ok
22:27:07.0237 3396  mwlPSDFilter - ok
22:27:07.0253 3396  mwlPSDNServ - ok
22:27:07.0253 3396  mwlPSDVDisk - ok
22:27:07.0268 3396  MWLService - ok
22:27:07.0268 3396  napagent - ok
22:27:07.0284 3396  NativeWifiP - ok
22:27:07.0440 3396  NDIS - ok
22:27:07.0455 3396  NdisCap - ok
22:27:07.0487 3396  NdisTapi - ok
22:27:07.0502 3396  Ndisuio - ok
22:27:07.0518 3396  NdisWan - ok
22:27:07.0518 3396  NDProxy - ok
22:27:07.0518 3396  NetBIOS - ok
22:27:07.0533 3396  NetBT - ok
22:27:07.0533 3396  Netlogon - ok
22:27:07.0565 3396  Netman - ok
22:27:07.0565 3396  netprofm - ok
22:27:07.0580 3396  NetTcpPortSharing - ok
22:27:07.0596 3396  nfrd960 - ok
22:27:07.0611 3396  NlaSvc - ok
22:27:07.0611 3396  Npfs - ok
22:27:07.0611 3396  nsi - ok
22:27:07.0627 3396  nsiproxy - ok
22:27:07.0627 3396  Ntfs - ok
22:27:07.0643 3396  Null - ok
22:27:07.0658 3396  nvraid - ok
22:27:07.0658 3396  nvstor - ok
22:27:07.0674 3396  nv_agp - ok
22:27:07.0674 3396  ohci1394 - ok
22:27:07.0674 3396  p2pimsvc - ok
22:27:07.0674 3396  p2psvc - ok
22:27:07.0674 3396  Parport - ok
22:27:07.0674 3396  partmgr - ok
22:27:07.0674 3396  PcaSvc - ok
22:27:07.0689 3396  pci - ok
22:27:07.0689 3396  pciide - ok
22:27:07.0689 3396  pcmcia - ok
22:27:07.0689 3396  pcw - ok
22:27:07.0689 3396  PEAUTH - ok
22:27:07.0705 3396  PerfHost - ok
22:27:07.0705 3396  pla - ok
22:27:07.0705 3396  PlugPlay - ok
22:27:07.0705 3396  PNRPAutoReg - ok
22:27:07.0721 3396  PNRPsvc - ok
22:27:07.0721 3396  PolicyAgent - ok
22:27:07.0721 3396  Power - ok
22:27:07.0736 3396  PptpMiniport - ok
22:27:07.0736 3396  Processor - ok
22:27:07.0736 3396  ProfSvc - ok
22:27:07.0736 3396  ProtectedStorage - ok
22:27:07.0736 3396  Psched - ok
22:27:07.0752 3396  PSI - ok
22:27:07.0752 3396  ql2300 - ok
22:27:07.0767 3396  ql40xx - ok
22:27:07.0767 3396  QWAVE - ok
22:27:07.0767 3396  QWAVEdrv - ok
22:27:07.0767 3396  RasAcd - ok
22:27:07.0767 3396  RasAgileVpn - ok
22:27:07.0783 3396  RasAuto - ok
22:27:07.0783 3396  Rasl2tp - ok
22:27:07.0814 3396  RasMan - ok
22:27:07.0814 3396  RasPppoe - ok
22:27:07.0845 3396  RasSstp - ok
22:27:07.0861 3396  rdbss - ok
22:27:07.0861 3396  rdpbus - ok
22:27:07.0861 3396  RDPCDD - ok
22:27:07.0970 3396  RDPENCDD - ok
22:27:07.0986 3396  RDPREFMP - ok
22:27:07.0986 3396  RDPWD - ok
22:27:08.0001 3396  rdyboost - ok
22:27:08.0001 3396  RemoteAccess - ok
22:27:08.0001 3396  RemoteRegistry - ok
22:27:08.0017 3396  RpcEptMapper - ok
22:27:08.0017 3396  RpcLocator - ok
22:27:08.0017 3396  RpcSs - ok
22:27:08.0033 3396  rspndr - ok
22:27:08.0048 3396  RTL8167 - ok
22:27:08.0048 3396  SamSs - ok
22:27:08.0064 3396  sbp2port - ok
22:27:08.0064 3396  SCardSvr - ok
22:27:08.0064 3396  scfilter - ok
22:27:08.0064 3396  Schedule - ok
22:27:08.0064 3396  SCPolicySvc - ok
22:27:08.0064 3396  SDRSVC - ok
22:27:08.0079 3396  secdrv - ok
22:27:08.0079 3396  seclogon - ok
22:27:08.0095 3396  Secunia PSI Agent - ok
22:27:08.0095 3396  Secunia Update Agent - ok
22:27:08.0095 3396  SENS - ok
22:27:08.0111 3396  SensrSvc - ok
22:27:08.0111 3396  Serenum - ok
22:27:08.0142 3396  Serial - ok
22:27:08.0173 3396  sermouse - ok
22:27:08.0189 3396  SessionEnv - ok
22:27:08.0189 3396  sffdisk - ok
22:27:08.0204 3396  sffp_mmc - ok
22:27:08.0204 3396  sffp_sd - ok
22:27:08.0220 3396  sfloppy - ok
22:27:08.0235 3396  SharedAccess - ok
22:27:08.0235 3396  ShellHWDetection - ok
22:27:08.0235 3396  SiSRaid2 - ok
22:27:08.0235 3396  SiSRaid4 - ok
22:27:08.0251 3396  Smb - ok
22:27:08.0298 3396  SNMPTRAP - ok
22:27:08.0298 3396  spldr - ok
22:27:08.0298 3396  Spooler - ok
22:27:08.0298 3396  sppsvc - ok
22:27:08.0298 3396  sppuinotify - ok
22:27:08.0298 3396  srv - ok
22:27:08.0313 3396  srv2 - ok
22:27:08.0313 3396  srvnet - ok
22:27:08.0376 3396  SSDPSRV - ok
22:27:08.0376 3396  SstpSvc - ok
22:27:08.0391 3396  stexstor - ok
22:27:08.0391 3396  stisvc - ok
22:27:08.0391 3396  swenum - ok
22:27:08.0391 3396  swprv - ok
22:27:08.0391 3396  SysMain - ok
22:27:08.0407 3396  TabletInputService - ok
22:27:08.0407 3396  TapiSrv - ok
22:27:08.0407 3396  TBS - ok
22:27:08.0407 3396  Tcpip - ok
22:27:08.0423 3396  TCPIP6 - ok
22:27:08.0438 3396  tcpipreg - ok
22:27:08.0438 3396  TDPIPE - ok
22:27:08.0438 3396  TDTCP - ok
22:27:08.0438 3396  tdx - ok
22:27:08.0438 3396  TermDD - ok
22:27:08.0454 3396  TermService - ok
22:27:08.0454 3396  Themes - ok
22:27:08.0454 3396  THREADORDER - ok
22:27:08.0454 3396  TrkWks - ok
22:27:08.0454 3396  TrustedInstaller - ok
22:27:08.0454 3396  tssecsrv - ok
22:27:08.0469 3396  tunnel - ok
22:27:08.0469 3396  uagp35 - ok
22:27:08.0469 3396  udfs - ok
22:27:08.0469 3396  UI0Detect - ok
22:27:08.0469 3396  uliagpkx - ok
22:27:08.0485 3396  umbus - ok
22:27:08.0485 3396  UmPass - ok
22:27:08.0532 3396  Updater Service - ok
22:27:08.0547 3396  upnphost - ok
22:27:08.0547 3396  usbccgp - ok
22:27:08.0547 3396  usbcir - ok
22:27:08.0547 3396  usbehci - ok
22:27:08.0563 3396  usbhub - ok
22:27:08.0563 3396  usbohci - ok
22:27:08.0563 3396  usbprint - ok
22:27:08.0563 3396  USBS3S4Detection - ok
22:27:08.0563 3396  USBSTOR - ok
22:27:08.0563 3396  usbuhci - ok
22:27:08.0579 3396  UxSms - ok
22:27:08.0579 3396  VaultSvc - ok
22:27:08.0594 3396  vdrvroot - ok
22:27:08.0594 3396  vds - ok
22:27:08.0594 3396  vga - ok
22:27:08.0594 3396  VgaSave - ok
22:27:08.0594 3396  vhdmp - ok
22:27:08.0610 3396  viaide - ok
22:27:08.0610 3396  volmgr - ok
22:27:08.0610 3396  volmgrx - ok
22:27:08.0610 3396  volsnap - ok
22:27:08.0625 3396  vsmraid - ok
22:27:08.0625 3396  VSS - ok
22:27:08.0625 3396  vwifibus - ok
22:27:08.0766 3396  W32Time - ok
22:27:08.0781 3396  WacomPen - ok
22:27:09.0078 3396  WANARP - ok
22:27:09.0093 3396  Wanarpv6 - ok
22:27:09.0109 3396  wbengine - ok
22:27:09.0109 3396  WbioSrvc - ok
22:27:09.0109 3396  wcncsvc - ok
22:27:09.0125 3396  WcsPlugInService - ok
22:27:09.0125 3396  Wd - ok
22:27:09.0140 3396  Wdf01000 - ok
22:27:09.0140 3396  WdiServiceHost - ok
22:27:09.0140 3396  WdiSystemHost - ok
22:27:09.0140 3396  WebClient - ok
22:27:09.0140 3396  Wecsvc - ok
22:27:09.0140 3396  wercplsupport - ok
22:27:09.0187 3396  WerSvc - ok
22:27:09.0187 3396  WfpLwf - ok
22:27:09.0187 3396  WIMMount - ok
22:27:09.0187 3396  WinDefend - ok
22:27:09.0203 3396  WinHttpAutoProxySvc - ok
22:27:09.0203 3396  Winmgmt - ok
22:27:09.0203 3396  WinRM - ok
22:27:09.0203 3396  Wlansvc - ok
22:27:09.0218 3396  WmiAcpi - ok
22:27:09.0218 3396  wmiApSrv - ok
22:27:09.0218 3396  WMPNetworkSvc - ok
22:27:09.0234 3396  WPCSvc - ok
22:27:09.0234 3396  WPDBusEnum - ok
22:27:09.0234 3396  ws2ifsl - ok
22:27:09.0234 3396  wscsvc - ok
22:27:09.0249 3396  WSearch - ok
22:27:09.0249 3396  wuauserv - ok
22:27:09.0249 3396  WudfPf - ok
22:27:09.0249 3396  WUDFRd - ok
22:27:09.0249 3396  wudfsvc - ok
22:27:09.0265 3396  WwanSvc - ok
22:27:09.0296 3396  ================ Scan global ===============================
22:27:09.0296 3396  [Global] - ok
22:27:09.0296 3396  ================ Scan MBR ==================================
22:27:09.0312 3396  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:27:11.0231 3396  \Device\Harddisk0\DR0 - ok
22:27:11.0231 3396  ================ Scan VBR ==================================
22:27:11.0231 3396  ============================================================
22:27:11.0231 3396  Scan finished
22:27:11.0231 3396  ============================================================
22:27:11.0246 2924  Detected object count: 0
22:27:11.0246 2924  Actual detected object count: 0
         

Rogue-Killer:

Code:
RogueKiller V8.0.3 [09/13/2012] durch Tigzy
mail: tigzyRK<at>gmail<dot>com
Kommentare: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: hxxp://tigzyrk.blogspot.com

Betriebssystem: Windows 7 (6.1.7600 ) 64 bits version
Gestartet in : Normal Modus
Benutzer : XXXXXX [Admin Rechte]
Funktion : Scannen -- Datum : 09/14/2012 22:28:54

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Registry-Einträge : 4 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : CleanSetup (cmd /C rmdir /S /Q "C:\Users\masteruser\AppData\Local\Temp\nro.tmp\") -> FAND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{C5316836-3A75-4F74-B7B2-880C81FFDD3F} : NameServer (217.0.43.97 217.0.43.113) -> FAND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FAND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FAND

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber : [NICHT GELADEN] ¤¤¤

¤¤¤ Infektion :  ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: ST3500418AS +++++
--- User ---
[MBR] 5bab4d67880968a626a7b6d7e4b27cda
[BSP] 9fead01c78ae06cd1bacd66de11cceda : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16384 Mo
2 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 33556480 | Size: 100 Mo
3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 33761280 | Size: 59838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Abgeschlossen : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
         
__________________

15.09.2012, 12:39   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Is that normal?
Yes! Besides, you formatted and set everything up from scratch!

Since you have redone everything completely, we would be finished; to wrap up I am posting my update guide!

Finally, please check your updates; my guide for that is below. To keep a better overview of how current your installed programs are in the future, you can use, for example, Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Updating the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Add or Remove Programs or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program (if you have AdobeReader installed).

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

While you are at it, please also check that the Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Afterwards, download the current Java SE Runtime Environment (JRE) from here and install it.
__________________
Please always post log files in CODE tags
